gatt: Fix crash when a device is removed

If a device is removed with notifications enabled that would lead to device_state being freed while att_disconnected has not been called yet. gh-issue: https://github.com/bluez/bluez/issues/82
author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> 2021-01-19 11:29:51 -0800
committer: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> 2021-01-19 11:29:51 -0800
commit: f1839c569813e902d197ce14293fef880177e45b (patch)
tree: 8de4694702447fb2a600d53dd856503052dd07fc /src/gatt-database.c
parent: 2ce0d340000e40b29ec2f8079bc5efadf004e5f6 (diff)
download: bluez-f1839c569813e902d197ce14293fef880177e45b.tar.gz
1 files changed, 8 insertions, 2 deletions
diff --git a/src/gatt-database.c b/src/gatt-database.c
index d99604826..d635c3214 100644
--- a/src/gatt-database.c
+++ b/src/gatt-database.c
@@ -1350,11 +1350,17 @@ static void send_notification_to_device(void *data, void *user_data)
 	if (!ccc->value || (notify->conf && !(ccc->value & 0x0002)))
 		return;
 
-	device = btd_adapter_get_device(notify->database->adapter,
+	device = btd_adapter_find_device(notify->database->adapter,
 						&device_state->bdaddr,
 						device_state->bdaddr_type);
-	if (!device)
+	if (!device) {
+		/* If ATT has not disconnect yet don't remove the state as it
+		 * will eventually be removed when att_disconnected is called.
+		 */
+		if (device_state->disc_id)
+			return;
 		goto remove;
+	}
 
 	server = btd_device_get_gatt_server(device);
 	if (!server) {
author	Luiz Augusto von Dentz <luiz.von.dentz@intel.com>	2021-01-19 11:29:51 -0800
committer	Luiz Augusto von Dentz <luiz.von.dentz@intel.com>	2021-01-19 11:29:51 -0800
commit	f1839c569813e902d197ce14293fef880177e45b (patch)
tree	8de4694702447fb2a600d53dd856503052dd07fc /src/gatt-database.c
parent	2ce0d340000e40b29ec2f8079bc5efadf004e5f6 (diff)
download	bluez-f1839c569813e902d197ce14293fef880177e45b.tar.gz